Frequently Asked Questions
- developing their GRC awareness at different levels,
- establishing policies and implementing them to protect the core information assets, internally/externally regardless of border,
- embedding the appropriate methodologies, processes, controls and performance measurements in respect of its business associates' needs, local or international regulatory requirements, and
- without fail, committing to its business associates’ belief, urgency and priorities.
We focus on providing Practitioner Advice on Corporate Information and Technology Governance, Risk and Compliance up values chain.
Specifically, we advise Board/Senior Executives on the industry standard Governance methodology such as:
- Sarbanes-Oxley Section 401: Disclosure Controls,
- Sarbanes-Oxley Section 401: Disclosure in periodic Reports,
- Sarbanes-Oxley Section 404: Assessment of internal Control,
- COBIT framework - by ISACA
- NIST Cyber Security framework
through to addressing broad range of Information/Technology Risk & Security Management, and Compliance to middle managers and enterprise staff.
We provide the following standardized and bespoke awareness/training programs based on an unparalleled standards by IT Governance Ltd.
- CISO Overview,
- COBIT Overview,
- CISM Overview,
- Corporate Information and Technology Governance, Risk and Compliance Overview.
iTGRC Asia is a strategic partner to IT Governance Ltd. from UK. iTGRC Asia carries highly regarded and credible packages from IT Governance Ltd and deliver them to his business associates in Asia through a team of competent and experienced consultants, with strong backing from IT Governance Ltd. Thus giving business associates the assurance that products and services offered and implemented adhere to international and industries standards, and they meet the necessary regulatory requirements.
The Cyber Essentials scheme’s five security controls provide the basic level of protection that you need and can protect it from around 80% of cyber attacks, allowing you to focus instead on your core business objectives.
By properly implementing cyber security controls, you will also drive business efficiency throughout the organisation, saving money and improving productivity. On top of that, A Cyber Essentials or Cyber Essentials Plus badge will enhance your business’s reputation and open up new commercial opportunities by proving to your customers that you take the security of their information seriously and are taking the necessary steps to reduce cyber risks.
note: IT Governance is a CREST-approved member and accredited Cyber Essentials scheme certification body.
iTGRC Asia, in collaboration with IT Governance offers the basic ‘DIY’ package for Cyber Essentials and Cyber Essentials Plus for companies that don’t need any additional assistance or support when applying for certification. For companies that require additional assistance, we offer additional support. View our packages .
Cyber Essentials is applicable to all organisations, of all sizes, and in all sectors. We encourage all organisations to look at the requirements and to adopt them. This is not limited to companies in the private sector, but is applicable to universities, charities, public sector and not-for-profit organisations.
Organisations that have successfully been assessed against the scheme will be able to use the appropriate Cyber Essentials badge to publicise this fact. Being able to advertise that you have met a Government approved cyber security scheme will give you an edge over competitors in the same market.
Yes. You can gain the badge in addition to other schemes. The process of meeting the requirements of other standards may have included work which meets or partially meets the Cyber Essentials Requirements. Your Certification Body will be able to advise you further. It is intended that compliance with Cyber Essentials will add value to the majority of organisations and demonstrate to customers, partners and stakeholders that you take information security seriously.
Cyber Essentials aims to describe the small number of fundamental mitigations that will stop the majority of internet based cyber-attacks to your IT system. It is important that you think about your own organisation and risk as set out in the ’10 Steps to Cyber Security’ guidance to determine if implementing the Cyber Essentials alone is enough for you. Many organisations will need to have in place far more controls and procedures to manage the risks they face. Cyber Essentials can be seen as a first, vital step.
Cyber Essentials offers a sound foundation of basic hygiene measures that all types of organisations can implement and potentially build upon. We believe that implementing these measures can significantly reduce an organisation's vulnerability. However, it does not offer a silver bullet to remove all cyber security risk; for example, it is not designed to address more advanced, targeted attacks and hence organisations facing these threats will need to implement additional measures as part of their security strategy.
It will be more efficient to start both at the same time – iTGRC Asia, in collaboration with IT Governance can help you with an integrated approach. Depending on your current resources, time commitments and budget, you could start with the Cyber Essentials scheme, which will give you an introduction to the world of certification, and then continue to ISO 27001:2013 when you are ready.